X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/9a23a8c0a51b7ec38a96f525484134f3cb85dc7e..04565403a39edd462f6f7d2ef737366cdc40acf1:/WEB-INF/lib/auth/Auth_db.class.php
diff --git a/WEB-INF/lib/auth/Auth_db.class.php b/WEB-INF/lib/auth/Auth_db.class.php
index 7475e6bc..a3885fb6 100644
--- a/WEB-INF/lib/auth/Auth_db.class.php
+++ b/WEB-INF/lib/auth/Auth_db.class.php
@@ -41,11 +41,11 @@ class Auth_db extends Auth {
 */
 function authenticate($login, $password) {
- $mdb2 = getConnection();
-
- // Try md5 password match first.
- $sql = "SELECT id FROM tt_users
- WHERE login = ".$mdb2->quote($login)." AND password = md5(".$mdb2->quote($password).") AND status = 1";
+ $mdb2 = getConnection();
+
+ // Try md5 password match first.
+ $sql = "SELECT id FROM tt_users".
+ " WHERE login = ".$mdb2->quote($login)." AND password = md5(".$mdb2->quote($password).") AND status = 1";
 $res = $mdb2->query($sql);
 if (is_a($res, 'PEAR_Error')) {
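Review bot: The login query still compares `password = md5(...)` inside SQL, so stored credentials are unsalted MD5 and the cleartext password is embedded in the statement text sent to the database, where statement logging could record it; the admin query added in the next hunk repeats this. A safer shape is to select the row by login only, e.g. `SELECT id, password FROM tt_users WHERE login = ... AND status = 1`, and verify in PHP with `password_verify($password, $val['password'])` against a `password_hash()` value. Existing MD5 entries would need to be re-hashed on a successful legacy match. authenticate() begins in this hunk and continues past its last line.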
@@ -55,30 +55,24 @@ class Auth_db extends Auth {
 $val = $res->fetchRow();
 if ($val['id'] > 0) {
 return array('login'=>$login,'id'=>$val['id']);
- } else {
-
- // If the OLD_PASSWORDS option is defined - set it.
- if (defined('OLD_PASSWORDS') && isTrue(OLD_PASSWORDS)) {
- $sql = "SET SESSION old_passwords = 1";
- $res = $mdb2->query($sql);
- if (is_a($res, 'PEAR_Error')) {
- die($res->getMessage());
- }
- }
+ }
- // Try legacy password match. This is needed for compatibility with older versions of TT.
- $sql = "SELECT id FROM tt_users
- WHERE login = ".$mdb2->quote($login)." AND password = password(".$mdb2->quote($password).") AND status = 1";
+ // Special handling for admin@localhost - search for an account with admin role with a matching password.
+ if ($login == 'admin@localhost') {
+ $sql = "SELECT u.id, u.login FROM tt_users u".
+ " LEFT JOIN tt_roles r on (u.role_id = r.id)".
+ " WHERE r.rank = 1024 AND password = md5(".$mdb2->quote($password).") AND u.status = 1";
 $res = $mdb2->query($sql);
 if (is_a($res, 'PEAR_Error')) {
 die($res->getMessage());
 }
 $val = $res->fetchRow();
 if ($val['id'] > 0) {
- return array('login'=>$login,'id'=>$val['id']);
+ return array('login'=>$val['login'],'id'=>$val['id']);
 }
- return false;
 }
+
+ return false;
 }
 function isPasswordExternal() {
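Review bot: The `admin@localhost` branch drops the login from the WHERE clause, so the supplied password is tested against every active account with `r.rank = 1024` at once and only the first row from `fetchRow()` is used. If more than one such account can exist, a single guess is checked against all of them and which account is returned is left to the database; consider rejecting ambiguous results, or at least stating the assumption in a comment such as `// Assumes exactly one active rank-1024 account; the password is matched against all of them.` `password` is also the only unqualified column in the joined query (`u.password` would be unambiguous), and `$login === 'admin@localhost'` avoids loose comparison. authenticate() starts above this hunk.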